Configuring a Remote Transfer-Server Node

Follow the steps below to set up a remote transfer-server node for IBM Aspera Shares on Demand.

Important: Note that all steps must be performed on the remote machine (transfer server), as the root user.

Set up the Node API.
The Node API must be set up in the IBM Aspera Enterprise Server for Shares on Demand to communicate with the remote machine. Refer to the Node API Setup section in the Managing the Node API section of the IBM Aspera Enterprise Server Administrator's Guide for instructions on how to set up the Node API in Enterprise Server.
Create the system user "shares".
This is the user who authenticates the actual ascp transfer, and must be an operating system account. Run the following commands to create the system user "shares".
```
# /usr/sbin/groupadd -r shares
# /usr/sbin/useradd -r shares -s /bin/aspshell-r -g shares
```
Create and configure the "shares" package directory.
Run the following commands to configure the "Shares on Demand" directory /home/shares/ and the shares_packages subdirectory:
```
# mkdir -p /home/shares/shares_packages
# chown shares:shares /home/shares/
# chown shares:shares /home/shares/shares_packages 
```

Configure aspera.conf.

Add the shares package directory as a docroot in aspera.conf. The aspera.conf file can be found in the following location:

/opt/aspera/etc/aspera.conf

Below is a typical Shares on Demand aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Modify the following, as necessary:

In the file below, look for the <absolute> tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
Look for the <server_name> tag below, and ensure that SERVER_IP_OR_NAME has been replaced with the name or IP address of your server.
In the <central_server> section, set <persistent_store> to enable as shown below. Shares on Demand 3.5+ requires persistent storage to be enabled. By default, <persistent_store> is disabled (not set).

<?xml version='1.0' encoding='UTF-8'?>
<CONF version="2"> 

<central_server>
  <address>127.0.0.1</address>
  <port>40001</port>
  <compact_on_startup>enable</compact_on_startup>
  <persistent_store>enable</persistent_store>
  <persistent_store_on_error>ignore</persistent_store_on_error>
  <persistent_store_max_age>86400</persistent_store_max_age>
  <event_buffer_overrun>block</event_buffer_overrun>
</central_server>
<default>
  <file_system>
    <pre_calculate_job_size>yes</pre_calculate_job_size>
  </file_system>
</default>
<aaa>
  <realms>
    <realm>
      <users>
        <user>
          <name>shares</name>
          <file_system>
            <access>
              <paths>
                <path>
                  <absolute>/home/shares/shares_packages</absolute>
                  <show_as>/</show_as>
                  <dir_allowed>true</dir_allowed>
                </path>
              </paths>
            </access>
            <directory_create_mode>770</directory_create_mode>
            <file_create_mode>660</file_create_mode>
          </file_system>
          <authorization>
            <transfer>
              <in>
                <value>token</value>
              </in>
              <out>
                <value>token</value>
              </out>
            </transfer>
            <token>
              <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
            </token>
          </authorization>
        </user>
      </users>
    </realm>
  </realms>
</aaa>
<http_server>
  <http_port>8080</http_port>
  <enable_http>1</enable_http>
  <https_port>8443</https_port>
  <enable_https>1</enable_https>
</http_server>
<server>
  <server_name>SERVER_IP_OR_NAME</server_name>
</server>
</CONF>

After modifying aspera.conf, restart Aspera Central and Aspera NodeD services.

# /etc/init.d/asperacentral restart
# /etc/init.d/asperanoded restart

Verify you have installed a valid Shares on Demand license on your transfer server.
If you need to update your transfer server license (by following the instructions in the Updating Product License section of the Enterprise Server Admin Guide), you must reload the asperanoded service afterwards. Reload the asperanoded service by running asnodeadmin.exe, found in the following location:
```
# /opt/aspera/bin/asnodeadmin --reload 
```
Set up the node user.
Run the following commands to set up the node user (where "node-admin" is the node user, "s3cur3_p433" is his password and "shares" is the system user), and then reload asperanoded.
```
# /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x shares
# /opt/aspera/bin/asnodeadmin --reload 
```
Install the Aspera Connect™ key.
First, locate your Aspera Connect key as follows:
```
/opt/aspera/var/aspera_id_dsa.pub
```
Then, run the following commands to create a .ssh folder (if it does not already exist) in the shares user's home directory:
```
# mkdir -p /home/shares/.ssh
```
Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it:
```
# cat /opt/aspera/var/aspera_id_dsa.pub >> /home/shares/.ssh/authorized_keys
```
Run the following commands to change the key directory and keyfile's ownership to the shares user and set permission bits:
```
# chown shares:shares /home/shares/.ssh  
# chown shares:shares /home/shares/.ssh/authorized_keys
# chmod 600 /home/shares/.ssh/authorized_keys
# chmod 700 /home/shares
# chmod 700 /home/shares/.ssh
```
Set up token authorization.
Refer to the Setting Up Token Authorization topic in the Aspera Enterprise Server Administrator's Guide.